The researchers, who work for France-based security firm Synacktiv, discovered the three vulnerabilities that can be used to hack into Tesla.
The worst-case scenario enabled by these vulnerabilities, at least as far as the researchers are aware, is to annoy and potentially disrupt a driver, reports TechCrunch.
However, Tesla told the researchers that they couldn’t have turned on and off the car, or steered the wheel.
But, one of the researchers, Eloi Benoist-Vanderbeken, believes it might have been possible, said the report.
“Tesla mentioned we wouldn’t be able to turn the steering wheel, accelerate or brake. But from our understanding of the car architecture we are not sure that this is correct, but we don’t have proof of it,” Vanderbeken was quoted as saying.
The researchers didn’t have full access to a Tesla at that time, but they look forward to fact-checking the company’s statements once they do.
Moreover, the report mentioned that the first vulnerability was exploitable via Bluetooth, the second one allowed the researchers to elevate their privileges and become root (cybersecurity lingo for the highest level of system access — giving them free rein to execute code in the infotainment system), and the last one gave them control of the security gateway, a component that sends some commands to the car.
“It’s not at the point of a modern browser running on an iPhone or an Android, but it’s not that far from it. Tesla cars are really well connected to the internet, so they need to take care of security because they are likely to be targeted more than other cars,” Vincent Dehors, Cyber Security Engineer, Synacktiv, was quoted as saying.
Further, the researchers mentioned that Tesla is working on patches for these vulnerabilities, which should be pushed to cars soon, according to the report.
Last month, Tesla paused the rollout of its Full Self-Driving (FSD) beta software in the US and Canada until a firmware update can be issued to address a safety recall.
“Tesla has issued a voluntary recall on certain Model S, Model 3, Model X and Model Y vehicles that have installed or are pending installation of software that contains the Full Self-Driving (FSD) Beta feature,” Tesla wrote on the support page.